Example 1 with WhoAmIExtendedRequest

Use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.

Class SubtreeDeleter, method setInaccessible.

/**
 * Marks the specified subtree as inaccessible.
 *
 * @param  connection
 *              The {@link LDAPInterface} instance to use to communicate with
 *              the directory server.  While this may be an individual
 *              {@link LDAPConnection}, it may be better as a connection
 *              pool with automatic retry enabled so that it's more likely to
 *              succeed in the event that a connection becomes invalid or an
 *              operation experiences a transient failure.  It must not be
 *              {@code null}.
 * @param  baseDN
 *              The base DN for the subtree to make inaccessible.  It must not
 *              be {@code null}.
 *
 * @return  An {@code LDAPResult} with information about a failure that
 *          occurred while trying to make the subtree inaccessible, or
 *          {@code null} if the subtree was successfully made inaccessible.
 */
@Nullable()
private static ExtendedResult setInaccessible(@NotNull final LDAPInterface connection, @NotNull final DN baseDN) {
    // Use the "Who Am I?" extended operation to get the authorization identity
    // of the provided connection.
    final ExtendedResult genericWhoAmIResult = processExtendedOperation(connection, new WhoAmIExtendedRequest());
    if (genericWhoAmIResult.getResultCode() != ResultCode.SUCCESS) {
        return genericWhoAmIResult;
    }
    final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) genericWhoAmIResult;
    // Extract the user DN from the "Who Am I?" result's authorization ID.
    final String authzDN;
    final String authzID = whoAmIResult.getAuthorizationID();
    if (authzID.startsWith("dn:")) {
        authzDN = authzID.substring(3);
    } else {
        return new ExtendedResult(-1, ResultCode.LOCAL_ERROR, ERR_SUBTREE_DELETER_INTERFACE_WHO_AM_I_AUTHZ_ID_NOT_DN.get(authzID), null, StaticUtils.NO_STRINGS, null, null, StaticUtils.NO_CONTROLS);
    }
    // Use the set subtree accessibility extended operation to make the target
    // subtree hidden and read-only.
    final ExtendedResult setInaccessibleResult = processExtendedOperation(connection, SetSubtreeAccessibilityExtendedRequest.createSetHiddenRequest(baseDN.toString(), authzDN));
    if (setInaccessibleResult.getResultCode() == ResultCode.SUCCESS) {
        return null;
    } else {
        return setInaccessibleResult;
    }
}
Also used: WhoAmIExtendedResult (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult), WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest), ExtendedResult (com.unboundid.ldap.sdk.ExtendedResult), ASN1OctetString (com.unboundid.asn1.ASN1OctetString)

Example 2 with WhoAmIExtendedRequest

Use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.

Class UpdateConnectionPoolBindRequestAndServerSetTestCase, method assertAuthorizationDNEquals.

/**
 * Uses the "Who Am I?" extended operation on the provided connection to
 * ensure that it has the specified authorization identity.
 *
 * @param  conn  The connection for which to obtain the authorization
 *               identity.  It must not be {@code null}.
 * @param  dn    The DN of the entry that is expected to be the authorization
 *               identity for the connection.  It may be {@code null} if the
 *               connection should be unauthenticated.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
private void assertAuthorizationDNEquals(final LDAPConnection conn, final String dn) throws Exception {
    final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    assertResultCodeEquals(whoAmIResult, ResultCode.SUCCESS);
    final String authorizationID = whoAmIResult.getAuthorizationID();
    assertNotNull(authorizationID);
    assertTrue(authorizationID.startsWith("dn:"));
    if (dn == null) {
        assertEquals(authorizationID, "dn:");
    } else {
        final String extractedDN = authorizationID.substring(3);
        assertDNsEqual(extractedDN, dn);
    }
}
Also used: WhoAmIExtendedResult (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult), WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)

Example 3 with WhoAmIExtendedRequest

Use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.

Class LDAPPasswordModify, method getUserIdentity.

/**
 * Retrieves the user identity for whom to update the password.
 *
 * @param  pool               A connection pool to use to communicate with the
 *                            directory server, if necessary.  This may be
 *                            {@code null} if only an explicitly provided user
 *                            identity should be used.  If it is
 *                            non-{@code null}, then an attempt will be made
 *                            to infer the correct value, and the value
 *                            returned will be a DN.
 * @param  isActiveDirectory  Indicates whether the target directory server
 *                            is believed to be an Active Directory instance.
 *
 * @return  The user identity for whom to update the password.
 *
 * @throws  LDAPException  If a problem occurs while attempting to obtain the
 *                         user identity.
 */
@NotNull()
private String getUserIdentity(@Nullable final LDAPConnectionPool pool, final boolean isActiveDirectory) throws LDAPException {
    String identity = null;
    final DNArgument bindDNArgument = argumentParser.getDNArgument(BIND_DN_ARGUMENT_LONG_IDENTIFIER);
    if (userIdentity.isPresent()) {
        identity = userIdentity.getValue();
    } else if (provideBindDNAsUserIdentity.isPresent()) {
        identity = bindDNArgument.getStringValue();
        if ((pool == null) && verbose.isPresent()) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_PWMOD_USING_USER_IDENTITY_FROM_DN_FOR_EXTOP.get(identity));
        }
    } else {
        if ((pool == null) && verbose.isPresent()) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_PWMOD_OMITTING_USER_IDENTITY_FROM_EXTOP.get());
        }
    }
    if (pool == null) {
        return identity;
    }
    if (identity == null) {
        if (bindDNArgument.isPresent()) {
            final DN bindDN = bindDNArgument.getValue();
            if (!bindDN.isNullDN()) {
                return bindDN.toString();
            }
        }
        final WhoAmIExtendedRequest whoAmIRequest = new WhoAmIExtendedRequest();
        try {
            final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) pool.processExtendedOperation(whoAmIRequest);
            if (whoAmIResult.getResultCode() == ResultCode.SUCCESS) {
                identity = whoAmIResult.getAuthorizationID();
            }
        } catch (final LDAPException e) {
            Debug.debugException(e);
        }
    }
    if (identity == null) {
        throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_CANNOT_DETERMINE_USER_IDENTITY.get(userIdentity.getIdentifierString()));
    }
    final String userDN;
    final String lowerIdentity = StaticUtils.toLowerCase(identity);
    if (lowerIdentity.startsWith("dn:")) {
        userDN = identity.substring(3).trim();
    } else if (lowerIdentity.startsWith("u:")) {
        final String username = identity.substring(2).trim();
        if (username.isEmpty()) {
            throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_EMPTY_USERNAME.get(userIdentity.getIdentifierString()));
        }
        userDN = searchForUser(pool, username, isActiveDirectory);
    } else {
        userDN = identity;
    }
    final DN parsedUserDN;
    try {
        parsedUserDN = new DN(userDN);
    } catch (final LDAPException e) {
        Debug.debugException(e);
        throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_NOT_VALID_DN.get(userDN, userIdentity.getIdentifierString()), e);
    }
    if (parsedUserDN.isNullDN()) {
        throw new LDAPException(ResultCode.PARAM_ERROR, ERR_PWMOD_USER_IDENTITY_EMPTY_DN.get(userIdentity.getIdentifierString()));
    }
    if (verbose.isPresent()) {
        out();
        // Print the resolved user DN in verbose mode.
        wrapOut(0, WRAP_COLUMN, INFO_PWMOD_USER_IDENTITY_DN_FOR_MOD.get(userDN));
    }
    return userDN;
}
Also used: WhoAmIExtendedResult (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult), DNArgument (com.unboundid.util.args.DNArgument), LDAPException (com.unboundid.ldap.sdk.LDAPException), WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest), DN (com.unboundid.ldap.sdk.DN), NotNull (com.unboundid.util.NotNull)

Example 4 with WhoAmIExtendedRequest

Use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.

Class LDAPConnectionPoolTestCase, method testDisallowedAsyncOperations.

/**
 * Tests the behavior of the {@code processRequestsAsync} method when
 * requesting operations that cannot be processed asynchronously.
 * <BR><BR>
 * Access to a Directory Server instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testDisallowedAsyncOperations() throws Exception {
    if (!isDirectoryInstanceAvailable()) {
        return;
    }
    // Create the connection pool.
    final LDAPConnectionOptions options = new LDAPConnectionOptions();
    options.setUseSynchronousMode(true);
    final SingleServerSet serverSet = new SingleServerSet(getTestHost(), getTestPort(), options);
    final SimpleBindRequest bindRequest = new SimpleBindRequest(getTestBindDN(), getTestBindPassword());
    final LDAPConnectionPool pool = new LDAPConnectionPool(serverSet, bindRequest, 10, 10);
    // Ensure a bind request is rejected.
    final ArrayList<LDAPRequest> requests = new ArrayList<LDAPRequest>(1);
    requests.add(new SimpleBindRequest("", ""));
    try {
        pool.processRequestsAsync(requests, 0L);
        fail("Expected an exception when attempting an async bind request.");
    } catch (final LDAPException le) {
        // This was expected.
        assertResultCodeEquals(le, ResultCode.PARAM_ERROR);
    }
    // Ensure an extended request is rejected.
    requests.clear();
    requests.add(new WhoAmIExtendedRequest());
    try {
        pool.processRequestsAsync(requests, 0L);
        fail("Expected an exception when attempting an async extended request.");
    } catch (final LDAPException le) {
        // This was expected.
        assertResultCodeEquals(le, ResultCode.PARAM_ERROR);
    }
    // Ensure a search request is rejected if it doesn't include a search result
    // listener.
    requests.clear();
    requests.add(new SearchRequest("", SearchScope.BASE, "(objectClass=*)"));
    try {
        pool.processRequestsAsync(requests, 0L);
        fail("Expected an exception when attempting a non-async search request.");
    } catch (final LDAPException le) {
        // This was expected.
        assertResultCodeEquals(le, ResultCode.PARAM_ERROR);
    }
    pool.close();
}
Also used: WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest), ArrayList (java.util.ArrayList), Test (org.testng.annotations.Test)

Example 5 with WhoAmIExtendedRequest

Use of com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest in project ldapsdk by pingidentity.

Class LDAPConnectionPoolTestCase, method assertBoundAs.

/**
 * Ensures that the provided connection is bound as the user with the
 * specified DN.
 *
 * @param  conn  The connection to examine.
 * @param  dn    The expected DN of the authenticated user.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
private void assertBoundAs(final LDAPConnection conn, final String dn) throws Exception {
    final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
    assertResultCodeEquals(whoAmIResult, ResultCode.SUCCESS);
    final String authzID = whoAmIResult.getAuthorizationID();
    assertNotNull(authzID);
    assertTrue(authzID.startsWith("dn:"));
    assertDNsEqual(authzID.substring(3), dn);
}
Also used: WhoAmIExtendedResult (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult), WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest)

Aggregations

WhoAmIExtendedRequest (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest): 37
Test (org.testng.annotations.Test): 31
LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection): 21
WhoAmIExtendedResult (com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult): 15
ASN1OctetString (com.unboundid.asn1.ASN1OctetString): 9
Control (com.unboundid.ldap.sdk.Control): 8
LDAPException (com.unboundid.ldap.sdk.LDAPException): 7
SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest): 7
AuthorizationIdentityRequestControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl): 6
AuthorizationIdentityResponseControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl): 6
InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer): 4
BindResult (com.unboundid.ldap.sdk.BindResult): 4
AddRequest (com.unboundid.ldap.sdk.AddRequest): 3
CompareRequest (com.unboundid.ldap.sdk.CompareRequest): 3
DeleteRequest (com.unboundid.ldap.sdk.DeleteRequest): 3
ExtendedResult (com.unboundid.ldap.sdk.ExtendedResult): 3
LDAPConnectionOptions (com.unboundid.ldap.sdk.LDAPConnectionOptions): 3
ModifyDNRequest (com.unboundid.ldap.sdk.ModifyDNRequest): 3
ModifyRequest (com.unboundid.ldap.sdk.ModifyRequest): 3
PLAINBindRequest (com.unboundid.ldap.sdk.PLAINBindRequest): 3